Catalog Description

The class covers forensics tools, methods, and procedures
used for investigation of computers, techniques of data
recovery and evidence collection, protection of evidence,
expert witness skills, and computer crime investigation
techniques. Includes analysis of various file systems and
specialized diagnostic software used to retrieve data.
Prepares for part of the industry standard certification
exam, Security+, and also maps to the Computer Investigation
Specialists exam.

Examine computer media to discover evidence.

Prerequisite: Students should have taken CNIT 120 or have equivalent
familiarity with the fundamentals of security.

Upon successful completion of this course, the student will be
able to:

Define and describe computer investigations

Demonstrate correct methods of evidence gathering

Use and evaluate various operating systems and file systems

Equip a Forensics Lab with appropriate hardware and software

Install, configure, and use various command-line and graphical software forensics tools

No Class--We will have a special presentation on the Pass the Hash, a powerful attack hackers have been using to compromise Windows systems for 15 years. Microsoft finally patched it in Windows 8.1. (This is worth extra credit)

6:30 to 8:30 at CCSF's Chinatown campus, 808 Kearny St., Fourth floor

Presenting will be one of Microsoft's top security researchers, Nathan Ide who developed the "fix" at Microsoft.

Speaker Biographies

Conrad del Rosario

Graduated law school in 1991 and have worked as a prosecutor for over 20 years. Worked in various criminal units at the SF DA's office including domestic violence, sexual assault, and narcotics before working identity theft and high technology crimes. Currently the managing attorney for the Economic Crimes Unit, part of our White Collar Division, where I oversee 5 attorneys including the high technology and identity theft teams.

Currently assigned to the Rapid Enforcement Allied Computer Team (REACT) Task Force which is a consortium of local law enforcement agencies investigating high technology crimes based out of Silicon Valley, member of HTCIA, and currently a certified instructor for Peace Officer Standards and Training (POST) in the area of High Technology Investigations.